Add config options for client certificate authentication
This commit is contained in:
parent
ba1c1c87c4
commit
9bd51c650b
|
@ -572,7 +572,9 @@ def _configuration_ldap_helper(to_save, gdriveError):
|
|||
reboot_required |= _config_string(to_save, "config_ldap_group_members_field")
|
||||
reboot_required |= _config_checkbox(to_save, "config_ldap_openldap")
|
||||
reboot_required |= _config_int(to_save, "config_ldap_encryption")
|
||||
reboot_required |= _config_string(to_save, "config_ldap_cacert_path")
|
||||
reboot_required |= _config_string(to_save, "config_ldap_cert_path")
|
||||
reboot_required |= _config_string(to_save, "config_ldap_key_path")
|
||||
_config_string(to_save, "config_ldap_group_name")
|
||||
if "config_ldap_serv_password" in to_save and to_save["config_ldap_serv_password"] != "":
|
||||
reboot_required |= 1
|
||||
|
@ -612,9 +614,11 @@ def _configuration_ldap_helper(to_save, gdriveError):
|
|||
return reboot_required, _configuration_result(_('LDAP User Object Filter Has Unmatched Parenthesis'),
|
||||
gdriveError)
|
||||
|
||||
if config.config_ldap_cert_path and not os.path.isfile(config.config_ldap_cert_path):
|
||||
if config.config_ldap_cacert_path and not (os.path.isfile(config.config_ldap_cacert_path)
|
||||
or os.path.isfile(config.config_ldap_cacert_path)
|
||||
or os.path.isfile(config.config_ldap_key_path)):
|
||||
return reboot_required, \
|
||||
_configuration_result(_('LDAP Certificate Location is not Valid, Please Enter Correct Path'),
|
||||
_configuration_result(_('LDAP CACertificate, Certificate or Key Location is not Valid, Please Enter Correct Path'),
|
||||
gdriveError)
|
||||
return reboot_required, None
|
||||
|
||||
|
|
|
@ -108,7 +108,9 @@ class _Settings(_Base):
|
|||
config_ldap_serv_username = Column(String, default='cn=admin,dc=example,dc=org')
|
||||
config_ldap_serv_password = Column(String, default="")
|
||||
config_ldap_encryption = Column(SmallInteger, default=0)
|
||||
config_ldap_cacert_path = Column(String, default="")
|
||||
config_ldap_cert_path = Column(String, default="")
|
||||
config_ldap_key_path = Column(String, default="")
|
||||
config_ldap_dn = Column(String, default='dc=example,dc=org')
|
||||
config_ldap_user_object = Column(String, default='uid=%s')
|
||||
config_ldap_openldap = Column(Boolean, default=True)
|
||||
|
|
|
@ -20,7 +20,7 @@ from __future__ import division, print_function, unicode_literals
|
|||
import base64
|
||||
|
||||
from flask_simpleldap import LDAP, LDAPException
|
||||
|
||||
from flask_simpleldap import ldap as pyLDAP
|
||||
from .. import constants, logger
|
||||
|
||||
try:
|
||||
|
@ -54,8 +54,16 @@ def init_app(app, config):
|
|||
app.config['LDAP_USERNAME'] = ""
|
||||
app.config['LDAP_PASSWORD'] = base64.b64decode("")
|
||||
if bool(config.config_ldap_cert_path):
|
||||
app.config['LDAP_REQUIRE_CERT'] = True
|
||||
app.config['LDAP_CERT_PATH'] = config.config_ldap_cert_path
|
||||
# app.config['LDAP_REQUIRE_CERT'] = True
|
||||
# app.config['LDAP_CERT_PATH'] = config.config_ldap_cert_path
|
||||
app.config['LDAP_CUSTOM_OPTIONS'] = {
|
||||
pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
|
||||
pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
|
||||
pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
|
||||
pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
|
||||
pyLDAP.OPT_X_TLS_NEWCTX: 0
|
||||
}
|
||||
|
||||
app.config['LDAP_BASE_DN'] = config.config_ldap_dn
|
||||
app.config['LDAP_USER_OBJECT_FILTER'] = config.config_ldap_user_object
|
||||
|
||||
|
@ -65,8 +73,21 @@ def init_app(app, config):
|
|||
app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
|
||||
app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
|
||||
|
||||
|
||||
try:
|
||||
_ldap.init_app(app)
|
||||
except ValueError:
|
||||
if bool(config.config_ldap_cert_path):
|
||||
app.config['LDAP_CUSTOM_OPTIONS'] = {
|
||||
pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
|
||||
pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
|
||||
pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
|
||||
pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
|
||||
}
|
||||
try:
|
||||
_ldap.init_app(app)
|
||||
except RuntimeError as e:
|
||||
log.error(e)
|
||||
except RuntimeError as e:
|
||||
log.error(e)
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@
|
|||
<div class="btn btn-default" id="admin_new_user"><a href="{{url_for('admin.new_user')}}">{{_('Add New User')}}</a></div>
|
||||
{% if (config.config_login_type == 1) %}
|
||||
<div class="btn btn-default" id="import_ldap_users" data-toggle="modal" data-target="#StatusDialog">{{_('Import LDAP Users')}}</div>
|
||||
<!--a href="#" id="import_ldap_users" name="import_ldap_users"><button type="submit" class="btn btn-default">{{_('Import LDAP Users')}}</button></a-->
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -15,8 +15,8 @@
|
|||
</div>
|
||||
<div id="collapseOne" class="panel-collapse collapse in">
|
||||
<div class="panel-body">
|
||||
<label for="config_calibre_dir">{{_('Location of Calibre Database')}}</label>
|
||||
<div class="form-group required input-group">
|
||||
<label for="config_calibre_dir" class="sr-only">{{_('Location of Calibre Database')}}</label>
|
||||
<input type="text" class="form-control" id="config_calibre_dir" name="config_calibre_dir" value="{% if config.config_calibre_dir != None %}{{ config.config_calibre_dir }}{% endif %}" autocomplete="off">
|
||||
<span class="input-group-btn">
|
||||
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||
|
@ -264,9 +264,26 @@
|
|||
</select>
|
||||
</div>
|
||||
<div data-related="ldap-cert-settings">
|
||||
<div class="form-group">
|
||||
<label for="config_ldap_cacert_path" >{{_('LDAP CACertificate Path')}}</label>
|
||||
<div class="form-group input-group">
|
||||
<input type="text" class="form-control" id="config_ldap_cacert_path" name="config_ldap_cacert_path" value="{% if config.config_ldap_cacert_path != None %}{{ config.config_ldap_cacert_path }}{% endif %}" autocomplete="off">
|
||||
<span class="input-group-btn">
|
||||
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||
</span>
|
||||
</div>
|
||||
<label for="config_ldap_cert_path">{{_('LDAP Certificate Path')}}</label>
|
||||
<div class="form-group input-group">
|
||||
<input type="text" class="form-control" id="config_ldap_cert_path" name="config_ldap_cert_path" value="{% if config.config_ldap_cert_path != None %}{{ config.config_ldap_cert_path }}{% endif %}" autocomplete="off">
|
||||
<span class="input-group-btn">
|
||||
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||
</span>
|
||||
</div>
|
||||
<label for="config_ldap_key_path">{{_('LDAP Keyfile Path')}}</label>
|
||||
<div class="form-group input-group">
|
||||
<input type="text" class="form-control" id="config_ldap_key_path" name="config_ldap_key_path" value="{% if config.config_ldap_key_path != None %}{{ config.config_ldap_key_path }}{% endif %}" autocomplete="off">
|
||||
<span class="input-group-btn">
|
||||
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
|
|
Loading…
Reference in New Issue
Block a user